User name and password are nearly ubiquitous in authentication applications today. The user name is a claimed identity and the submitted password is evidence that the user knows a secret. In security circles, this is referred to as “something you know” authentication. Sometimes a password comprises a sequence of numbers, which is referred to as a Personal Identification Number (PIN). (In authentication parlance, “evidence” is the feature, document, object or action that is used to confirm the identity of an individual. For instance, the signature on a check is “evidence” that the account holder authored the document.)
Generally a password is entered using a keyboard. Examples of keyboards are those attached to a computer, those that are part of an ATM (Automatic Teller Machine), the number pad on a telephone, or the virtual keyboard that use touch screens on smart phones or tablet style computers.
A password is basically a string, which is a sequence of characters. When the password is used to logon to a website, it is little more than a block of bytes passed as part of an HTTP message. All that is needed to impersonate the legitimate user is knowledge of the password string. For online services, impersonation can occur at any time from almost any place in the world.
The present invention discloses how novel means can be applied to password encoding and password validation modules for text-based authentication.